vault migration

2026-04-30 22:38:33 +02:00
parent 2e09a2d404
commit 73376a0a7d
49 changed files with 1103 additions and 272 deletions
--- a/cluster-resources/argocd-notifications-secret-vault.yaml
+++ b/cluster-resources/argocd-notifications-secret-vault.yaml
@@ -0,0 +1,15 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: argocd-notifications-secret
+  namespace: argocd
+spec:
+  type: kv-v2
+  mount: kv
+  path: argocd/argocd-notifications-secret
+  destination:
+    name: argocd-notifications-secret
+    create: true
+    type: Opaque
+  refreshAfter: 30s
+  vaultAuthRef: vault-auth
--- a/cluster-resources/forte-helm-repo-vault.yaml
+++ b/cluster-resources/forte-helm-repo-vault.yaml
@@ -0,0 +1,16 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: forte-helm-repo
+  namespace: argocd
+spec:
+  type: kv-v2
+  mount: kv
+  path: argocd/forte-helm-repo
+  destination:
+    name: forte-helm-repo
+    create: true
+    labels:
+      argocd.argoproj.io/secret-type: repository
+  refreshAfter: 30s
+  vaultAuthRef: vault-auth
--- a/cluster-resources/forte10x-repo-credentials-vault.yaml
+++ b/cluster-resources/forte10x-repo-credentials-vault.yaml
@@ -0,0 +1,17 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: forte10x-repo-creds
+  namespace: argocd
+spec:
+  type: kv-v2
+  mount: kv
+  path: argocd/forte10x-repo-creds
+  destination:
+    name: forte10x-repo-creds
+    create: true
+    type: Opaque
+    labels:
+      argocd.argoproj.io/secret-type: repository
+  refreshAfter: 30s
+  vaultAuthRef: vault-auth
--- a/cluster-resources/mcp10x-repo-credentials-vault.yaml
+++ b/cluster-resources/mcp10x-repo-credentials-vault.yaml
@@ -0,0 +1,17 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: mcp10x-repo-creds
+  namespace: argocd
+spec:
+  type: kv-v2
+  mount: kv
+  path: argocd/mcp10x-repo-creds
+  destination:
+    name: mcp10x-repo-creds
+    create: true
+    type: Opaque
+    labels:
+      argocd.argoproj.io/secret-type: repository
+  refreshAfter: 30s
+  vaultAuthRef: vault-auth
--- a/cluster-resources/vault-auth-argocd.yaml
+++ b/cluster-resources/vault-auth-argocd.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: vault-auth-argocd
+  namespace: argocd
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+  name: vault-auth
+  namespace: argocd
+spec:
+  method: kubernetes
+  mount: kubernetes
+  kubernetes:
+    role: ns-argocd
+    serviceAccount: vault-auth-argocd
+    audiences:
+    - vault